PT-2024-8872 · Gitlab · Gitlab Ce/Ee+1
A92847865
·
Published
2024-11-26
·
Updated
2024-12-13
·
CVE-2024-8177
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 15.6 through 17.4.5
GitLab CE/EE versions 17.5 through 17.5.3
GitLab CE/EE versions 17.6 through 17.6.1
Description:
An issue was discovered in GitLab CE/EE that could cause Denial of Service via integrating a malicious harbor registry. The issue is related to algorithmic complexity and can be exploited by a remote attacker to cause a denial of service.
Recommendations:
For GitLab CE/EE versions 15.6 through 17.4.5, update to version 17.4.5 or later to resolve the issue.
For GitLab CE/EE versions 17.5 through 17.5.3, update to version 17.5.3 or later to resolve the issue.
For GitLab CE/EE versions 17.6 through 17.6.1, update to version 17.6.1 or later to resolve the issue.
As a temporary workaround, consider restricting the integration of harbor registries to minimize the risk of exploitation.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee